Collector - August 2018 - 35

But, in practice, employees often lack the
awareness, responsibility and accountability
required to thwart cybersecurity threats,
increasing the likelihood they will engage
in risky behaviors. For their part, many
employers appear to lack visibility into
employees' poor cybersecurity habits,
a clear sign that their risk management
strategies are falling short.
Additionally, not all employees feel
empowered to report data privacy and
security incidents. Among those who
received a suspicious email at work meant
to trick them into opening a harmful link
or attachment, one-fifth did not report the
suspicious email to their IT department,
hampering IT's efforts to prevent or mitigate
potential security issues, according to an
article published by Willis Towers Watson.
Additional research finds that 68
percent of breaches took months or longer
to discover.
BACK IN WASHINGTON
Facebook is among many private industry
giants that made headlines for data
breaches that unintentionally compromised
the personal information of untold numbers
of consumers. Who can forget the likes of
Equifax, Yahoo and Target, among others?
Leaders in Washington continue to debate
legislative proposals to help resolve issues that
plague American consumers when they make
purchases, use mobile payment technologies
or log on their computers at home or at work.
Earlier this year, the House Subcommittee
on Financial Institutions and Consumer
Credit discussed two legislative proposals,
the Data Acquisition and Technology
Accountability and Security Act and the
Promoting Responsible Oversight of
Transaction and Examinations of Credit
Technology (PROTECT) Act of 2017.
These bills-sponsored by U.S. Reps. Blaine
Luetkemeyer, R-Mo., and Patrick McHenry,
R-N.C., respectively-would reform the
current data security and breach notification
regulatory regime, as well as reform standards
for large consumer reporting agencies,
according to a news release. (At press time,
neither bill had moved to a vote.)
COLLECTOR 08.18
Luetkemeyer noted that industry groups
should realize the immeasurable benefits
data security safeguards and a responsible
notification process will have on their
customers and businesses.
In response to the confusion and
unanswered questions surrounding
cybersecurity threats, the Federal Trade
Commission took up the cause and recently
hosted roundtable sessions to generate
information about the challenges small
businesses, nonprofits and others face when
dealing with these issues.
During the roundtables, smallbusiness owners discussed several issues,
including how to avoid phishing schemes,
ransomware attacks and tech support
scams, as well as cybersecurity basics.
Small-business owners also wanted
information about how to protect company
mobile devices as well as a list of questions
they should ask vendors to ensure their
systems are secure.
In April, the FTC released a Staff Perspective
report outlining some of the issues that will be
used to develop reader-friendly cybersecurity
educational materials. The campaign builds
on the launch of a website in 2017 aimed at
helping small businesses avoid scams and
protect their networks and data.
And finally, back to Mark Zuckerberg.
At press time, Fox News reported that
the billionaire Facebook founder built
consumer-friendly changes into the highly
popular social media site to include a "clear
history" privacy tool. As for Cambridge
Analytica, the London-based company
released a statement in May indicating that it
was "ceasing all operations."
ACA International will continue to engage
with Congress about this issue and report on
data security-related legislation and regulatory
agency actions that impact our members.
Kim Coghill is ACA International's vice
president of communications.
To read the latest data security news
affecting ACA members, subscribe to
the ACA Daily newsletter: https://www.
acainternational.org/news/aca-daily.
KEYNOTES
1
Small businesses are
worried about phishing
schemes, ransomware
attacks and tech support
scams.
2
The call is coming from
inside the house: Verizon
found that 28 percent of data
breaches involved company
insiders, often the result of
innocent mistakes.
3
Legislators are debating
two proposed House
bills that would reform the
current data security and
breach notification regulatory
regime.
35